Security at Breakneck Speed in Times of Heartbleed

Today, an increasing number of companies are abandoning traditional, on-premise software packages for SaaS. And why wouldn’t they? Hosting your company software elsewhere enables you to rationalize investments, adapt more smoothly in a quickly evolving IT landscape, and access applications wherever you need them. In addition, software developers receive valuable user data, enabling them to update their solutions to fit their customers’ needs. But with that increased flexibility come some major security challenges.

Despite an increasing awareness of security and privacy issues in online applications — hello there, NSA — there is a remarkable online scarcity of information and best practices for software developers looking to step up their security levels. There is (http://www.owasp.org), for example; an open source community dedicated to improving the security of software. As far as I know, however, only a few developers keep this treasure of information close to their chest. Odd, considering the grave consequences security breaches can have, resulting in the leak of sensitive information ranging from financial data and contacts thru’ to designs and engineering models. And in every single case, the developer’s reputation will be severely damaged.

Striking the right balance

In many aspects, the evolution toward SaaS demands a whole new perspective on IT security, at least for the SaaS providers. First, in the traditional software development model, software updates were rather infrequent. This allowed time for thorough security audits with every new version. Today’s SaaS applications, however, have a far higher release frequency — up to ten updates per day. For developers and providers, the challenge consists in finding a balance between adapting quickly to outsmart the competition and meet your clients’ needs, and offering the best possible protection. On top of that, most SaaS applications are built on top of numerous (open source) building blocks offered by third parties. They too have their release schedules, security issues, etc. Just last week, the discovery of the Heartbleed OpenSSL bug forced virtually all SaaS builders to update their servers as quickly as possible.

Shielding floods of data

Second, the amount of data floating around nowadays is simply staggering. Successful SaaS providers—think SalesForce, Google AdWords, and many, many others—have millions and millions of customers. Their data is often stored in the same database, increasing the risk of undesired data flows. On top of that, most applications today don’t stand alone, but are part of an ecosystem where several solutions make use of each other’s components. For example, consider a Twitter app combined with a social media monitoring tool and a data visualization app, or CRM software that links to your e-mail app. This interconnectivity, as well as the fact that cloud- and SaaS solutions are globally accessible, makes them particularly vulnerable to threats and attacks.

In the next episode, we’ll discover how big data does more than just increase our vulnerability. When put to good use, it can also provide a solution to the challenges mentioned above. In fact, many companies are already doing that today. Keep your eyes peeled!

The carbon footprint of data centers increases further as ever more services are hosted in the cloud, leveraging the need for an efficient management of the available resources. State-of-the-art servers exhibit a linear relationship between resource ... read more

Coming Bootcamps

How to choose the right payment method and provider for your SaaS? In this seminar, Dominique Adriansens, founder of Twikey, and Nick Boucart (Sirris) will offer you practical advice on what to take into account when choosing a payment solution for y... read more

Virtualization and Cloud Computing are ranked the top 2 business driven technology priorities for CIO’s worldwide. But while delivering on agility requested by business, they must address the security risks, and assess Cloud Services against critic... read more

Get In Touch

Subscribe to Our Newsletter

* indicates required

Email Address *

First Name

Last Name

Latest Tweet

Contact Us

About Nebucom

Software as a Service is rapidly changing the way software companies bring their products and services to the market. Thanks to SaaS, companies can now reach a global audience instantly. In Belgium, many software builders are considering a transition towards a SaaS offering. Sirris, Agoria, iMinds and LSEC joined forces to help Belgian software companies make this transition, by organizing workshops and information sessions that help you understand the challenges and solutions for going Cloud and SaaS.